question on Alternative chains certificate forgery (CVE-2015-1793)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Precisely the versions as stated in https://openssl.org/news/secadv_20150709.txt are affected:

	This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

	OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
	OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

	This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David
	Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.

In other words, the bug was introduced in 1.0.1n resp. 1.0.2b, which was roughly a month before it was fixed again.


On 07/21/2015 05:48 PM, Jayalakshmi bhat wrote:
> Hi All,
> 
> Does *a**lternative chains certificate forgery** issue* affects the OpenSSL stacks earlier than 1.0.1n releases Why I am asking this question is affected code seems to be available in earlier versions as well.
> 
> 
> Thanks and Regards
> 
> Jayalakshmi
> 
> 


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux